The master branch corresponds to the latest release (what is in pypi).
Development branch is unstable and all pull requests must be made against it.
More notes regarding installation can be found here.

Features

Scan types.

Droopescan aims to be the most accurate by default, while not overloading the
target server due to excessive concurrent requests. Due to this, by default, a
large number of requests will be made with four threads; change these settings
by using the --number and --threads arguments respectively.

This tool is able to perform four kinds of tests. By default all tests are ran,
but you can specify one of the following with the -e or --enumerate flag:

p -- Plugin checks: Performs several thousand HTTP requests and returns a
listing of all plugins found to be installed in the target host.

t -- Theme checks: As above, but for themes.

v -- Version checks: Downloads several files and, based on the checksums of these
files, returns a list of all possible versions.

You can specify a particular host to scan by passing the -u or --url
parameter:

droopescan scan drupal -u example.org

You can also omit the drupal argument. This will trigger “CMS identification”, like so:

droopescan scan -u example.org

Multiple URLs may be scanned utilising the -U or --url-file parameter. This
parameter should be set to the path of a file which contains a list of URLs.

droopescan scan drupal -U list_of_urls.txt

The drupal parameter may also be ommited in this example. For each site, it
will make several GET requests in order to perform CMS identification, and if
the site is deemed to be a supported CMS, it is scanned and added to the output
list. This can be useful, for example, to run droopescan across all your
organisation's sites.

A file containing URLs and a value to override the default host header with
separated by tabs or spaces is also OK for URL files. This can be handy when
conducting a scan through a large range of hosts and you want to prevent
unnecessary DNS queries. To clarify, an example below:

It is quite tempting to test whether the scanner works for a particular CMS
by scanning the official site (e.g. wordpress.org for wordpress), but the
official sites rarely run vainilla installations of their respective CMS or do
unorthodox things. For example, wordpress.org runs the bleeding edge version of
wordpress, which will not be identified as wordpress by droopescan at all
because the checksums do not match any known wordpress version.

This application supports both "standard output", meant for human consumption,
or JSON, which is more suitable for machine consumption. This output is stable
between major versions.
This can be controlled with the --output flag. Some sample JSON output would
look as follows (minus the excessive whitespace):